Differences

This shows you the differences between two versions of the page.

--- tutorial:ldap:syncopenldap [2016-04-13 22:59]
weichbr [Configure the Slave]
+++ tutorial:ldap:syncopenldap [2018-06-03 14:10]
@@ Line 1: / Line 1: @@
-{{tag>tutorial ldap}}
-====== Configure OpenLDAP replication on Debian 8 (Jessie) ======
-===== Requirements =====
-  * Two Debian 8 installation with OpenLDAP
-  * A user account in the directory for the syncing
-    * This tutorial assumes ''%%cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld%%''
-  * First server is configured per [[tutorial:ldap:installopenldap|Install and configure OpenLDAP on Debian 8 (Jessie)]]
-  * Other server is configured per [[tutorial:ldap:installopenldap|Install and configure OpenLDAP on Debian 8 (Jessie)]], but **only** until (and including) the "Add some data" step.
-----
-===== Notes =====
-  * This tutorial show how to do master -> slave replication. Only the master will accept writes!
-----
-===== Configure the Master =====
-  * Give the sync account the necessary right to read everything. This includes passwords!
-    * Simply modify the ''%%access.ldif%%'' in the "Enforce Authrization" step to include the sync account like the admin account.
-  * Create a ''%%syncmod.ldif%%'', ''%%index.ldif%%'' file and a ''%%sync.ldif%%'' file:
-  * <code>
-dn: cn=module{0},cn=config
-changetype: modify
-add: olcModuleLoad
-olcModuleLoad: syncprov.la
-</code>
-  * <code>
-dn: olcDatabase={1}mdb,cn=config
-changetype: modify
-add: olcDbIndex
-olcDbIndex: entryUUID,entryCSN eq
-</code>
-  * <code>
-dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
-changetype: add
-objectClass: olcOverlayConfig
-objectClass: olcSyncProvConfig
-olcOverlay: syncprov
-</code>
-  * Apply them in that order with ''%%ldapmodify%%''
-----
-===== Configure the Slave =====
-  * Also apply the ''%%syncmod.ldif%%'' and ''%%index.ldif%%'' files.
-  * Create a ''%%sync.ldif%%'' file:
-  * <code>
-dn: olcDatabase={1}mdb,cn=config
-changetype: modify
-add: olcSyncRepl
-olcSyncRepl: rid=001
-  provider=ldap://ip.of.your.server/
-  bindmethod=simple
-  binddn="cn=ldapsync,ou=people,dc=my,dc=domain,dc=tld"
-  credentials=syncaccountpassword
-  searchbase="dc=my,dc=domain,dc=tld"
-  scope=sub
-  schemachecking=on
-  type=refreshAndPersist
-  retry="30 5 300 3"
-  interval=00:00:00:30
-  starttls=yes
-  tls_reqcert=allow
-</code>
-  * Apply it with ''%%ldapmodify%%''